Is there a tool that can tell me instantly, while I'm writing code, if I'm doing anything wrong regarding security? Yes there is!

As developers we are constantly moving out onto new ice, but how can we know when the new ice is thin and fragile, especially if we haven't been there before?

If you haven't written any hashing or encryption code before, how would you know whether the class you are using implements a safe algorithm or a "broken" one? And what about all those parameters: could you trust the code snippets you found online?

Did you know that when working with XML provided by another source, you could open yourself up to a lot of different vulnerabilities if you don't configure your reader/parser properly?
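To make that concrete, here is an added C# example (my own code, not from the post or from any tool it names) showing an XML reader configuration that an analyzer would flag next to a hardened one. The sample document is constructed, the file path in it is a placeholder, and the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example, not from the original post. Names are hypothetical.
static class XmlParsing
{
    // Constructed sample: an XML document carrying a DOCTYPE with an external entity.
    // The path is a placeholder; it exists only so both parser configurations
    // can be compared on the same input.
    private const string Untrusted =
        "<?xml version=\"1.0\"?>" +
        "<!DOCTYPE order [ <!ENTITY ext SYSTEM \"file:///placeholder/path.txt\"> ]>" +
        "<order><note>&ext;</note></order>";

    // RISKY: DTD processing and external entity resolution are both enabled,
    // so the parser will try to fetch whatever the entity points at.
    // This is the configuration a security analyzer reports.
    public static string ParseUnsafely(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            XmlResolver = new XmlUrlResolver()
        };
        using var reader = XmlReader.Create(new StringReader(xml), settings);
        var doc = new XmlDocument();
        doc.Load(reader);
        return doc.DocumentElement?.InnerText ?? "";
    }

    // SAFE: DTDs are rejected outright and no resolver is attached, so the
    // document above fails to parse instead of resolving the entity.
    public static string ParseSafely(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
        using var reader = XmlReader.Create(new StringReader(xml), settings);
        var doc = new XmlDocument();
        doc.Load(reader);
        return doc.DocumentElement?.InnerText ?? "";
    }

    static void Main()
    {
        try
        {
            ParseSafely(Untrusted);
            Console.WriteLine("parsed");
        }
        catch (XmlException e)
        {
            // Expected outcome for the hardened parser: the DOCTYPE is rejected.
            Console.WriteLine("Rejected: " + e.Message);
        }
    }
}
```

The difference is two properties on XmlReaderSettings, which is exactly the sort of thing that is easy to get wrong from a copied snippet and easy for a static analysis tool to spot.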

So better to be safe than sorry: use some kind of tool that will alert you when you are writing potentially dangerous code. You should look for something that does "security audits" and/or "static code analysis" on your code, preferably while you are writing it (but you can use something in your build pipeline as well).

Here is a free tool that may fit you:

Pumascan is a Visual Studio extension (paid versions for CI) for C#.